From: "Yao, Jiewen"
To: Konstantin Kostiuk, "devel@edk2.groups.io"
CC: Yan Vugenfirer, Ard Biesheuvel, Gerd Hoffmann
Subject: Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
Date: Thu, 14 Mar 2024 10:27:45 +0000

Question: What is the value to provide an *empty* HSTI table?
IMHO, If the goal is to perform some security check, I think we need provide a *real* HSTI table.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Konstantin Kostiuk
> Sent: Thursday, March 14, 2024 6:25 PM
> To: devel@edk2.groups.io
> Cc: Yan Vugenfirer; Ard Biesheuvel; Yao, Jiewen; Gerd Hoffmann
> Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
>
> The driver provides empty HSTI table.
>
> Signed-off-by: Konstantin Kostiuk
> --- > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ > 2 files changed, 139 insertions(+) > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf >=20 > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > new file mode 100644 > index 0000000000..b9ed189f33 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > @@ -0,0 +1,75 @@ > +/** @file >=20 > + This file contains DXE driver for publishing empty HSTI table >=20 > + >=20 > +Copyright (c) 2017, Intel Corporation. All rights reserved.
>=20 > +Copyright (c) 2024, Red Hat. Inc >=20 > + >=20 > +SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + >=20 > +**/ >=20 > + >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > + >=20 > +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" >=20 > +#define HSTI_SECURITY_FEATURE_SIZE 1 >=20 > + >=20 > +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase =3D { >=20 > + PLATFORM_SECURITY_VERSION_VNEXTCS, >=20 > + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, >=20 > + { HSTI_PLATFORM_NAME }, >=20 > + HSTI_SECURITY_FEATURE_SIZE, >=20 > +}; >=20 > + >=20 > +/** >=20 > + The driver's entry point. >=20 > + >=20 > + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. >=20 > + @param[in] SystemTable A pointer to the EFI System Table. >=20 > + >=20 > + @retval EFI_SUCCESS The entry point is executed successfully. >=20 > + @retval other Some error occurs when executing this entry po= int. 
>=20 > +**/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +VirtHstiDxeEntrypoint ( >=20 > + IN EFI_HANDLE ImageHandle, >=20 > + IN EFI_SYSTEM_TABLE *SystemTable >=20 > + ) >=20 > +{ >=20 > + EFI_STATUS Status; >=20 > + >=20 > + // Allocate memory for HSTI struct >=20 > + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays >=20 > + // UINT8 SecurityFeaturesRequired[]; >=20 > + // UINT8 SecurityFeaturesImplemented[]; >=20 > + // UINT8 SecurityFeaturesVerified[]; >=20 > + // sizeof (CHAR16) is for the NULL terminator of ErrorString >=20 > + // CHAR16 ErrorString[] >=20 > + UINTN HstiSize =3D sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + >=20 > + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + >=20 > + sizeof (CHAR16); >=20 > + VOID *HstiStruct =3D AllocateZeroPool (HstiSize); >=20 > + >=20 > + if (HstiStruct =3D=3D NULL) { >=20 > + return EFI_OUT_OF_RESOURCES; >=20 > + } >=20 > + >=20 > + CopyMem (HstiStruct, &mHstiBase, sizeof > (ADAPTER_INFO_PLATFORM_SECURITY)); >=20 > + >=20 > + Status =3D HstiLibSetTable (HstiStruct, HstiSize); >=20 > + if (EFI_ERROR (Status)) { >=20 > + if (Status !=3D EFI_ALREADY_STARTED) { >=20 > + ASSERT_EFI_ERROR (Status); >=20 > + } >=20 > + } >=20 > + >=20 > + return EFI_SUCCESS; >=20 > +} >=20 > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > new file mode 100644 > index 0000000000..270aa60026 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > @@ -0,0 +1,64 @@ > +## @file >=20 > +# Component description file for Virt Hsti Driver >=20 > +# >=20 > +# Copyright (c) 2017, Intel Corporation. All rights reserved.
>=20 > +# Copyright (c) Microsoft Corporation.
>=20 > +# Copyright (c) 2024, Red Hat. Inc >=20 > +# >=20 > +# SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > +# >=20 > +## >=20 > + >=20 > +[Defines] >=20 > + INF_VERSION =3D 0x00010005 >=20 > + BASE_NAME =3D VirtHstiDxe >=20 > + FILE_GUID =3D 60740CF3-D428-4500-80E6-04A5798241E= D >=20 > + MODULE_TYPE =3D DXE_DRIVER >=20 > + VERSION_STRING =3D 1.0 >=20 > + ENTRY_POINT =3D VirtHstiDxeEntrypoint >=20 > + >=20 > +################################################################ > ################ >=20 > +# >=20 > +# Sources Section - list of files that are required for the build to suc= ceed. >=20 > +# >=20 > +################################################################ > ################ >=20 > + >=20 > +[Sources] >=20 > + VirtHstiDxe.c >=20 > + >=20 > +################################################################ > ################ >=20 > +# >=20 > +# Package Dependency Section - list of Package files that are required f= or >=20 > +# this module. >=20 > +# >=20 > +################################################################ > ################ >=20 > + >=20 > +[Packages] >=20 > + MdePkg/MdePkg.dec >=20 > + >=20 > +################################################################ > ################ >=20 > +# >=20 > +# Library Class Section - list of Library Classes that are required for >=20 > +# this module. >=20 > +# >=20 > +################################################################ > ################ >=20 > + >=20 > +[LibraryClasses] >=20 > + UefiDriverEntryPoint >=20 > + UefiLib >=20 > + BaseLib >=20 > + BaseMemoryLib >=20 > + MemoryAllocationLib >=20 > + DebugLib >=20 > + HstiLib >=20 > + UefiBootServicesTableLib >=20 > + >=20 > +################################################################ > ################ >=20 > +# >=20 > +# Protocol C Name Section - list of Protocol and Protocol Notify C Names >=20 > +# that this module uses or produces. 
>=20 > +# >=20 > +################################################################ > ################ >=20 > + >=20 > +[Depex] >=20 > + TRUE >=20 > -- > 2.44.0
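
Review bot: In VirtHstiDxeEntrypoint (VirtHstiDxe.c) the status from HstiLibSetTable is dropped: the only reaction to a failure is ASSERT_EFI_ERROR (Status), and the function ends with an unconditional "return EFI_SUCCESS;", so in a build with asserts disabled a failed publish is indistinguishable from success. Return Status for anything other than EFI_ALREADY_STARTED. HstiStruct is also never released on any path; if HstiLibSetTable keeps its own copy of the buffer, call FreePool (HstiStruct) after it. HSTI_PLATFORM_NAME is L"Intel(R) 9-Series v1", which does not describe an OVMF guest and will mislead anything that reads the platform name from the table. As posted, the three feature bytes stay zero from AllocateZeroPool, so the table declares nothing required, implemented or verified, which is the concern raised in the reply above. The declarations of HstiSize and HstiStruct with initializers after the comment block should move to the top of the function with the assignments done separately, matching the Status declaration.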
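
Review bot: In VirtHstiDxe.inf, [LibraryClasses] lists UefiLib, BaseLib and UefiBootServicesTableLib, but the body of VirtHstiDxeEntrypoint only calls AllocateZeroPool, CopyMem, HstiLibSetTable and ASSERT_EFI_ERROR, so those three entries look unused and can be dropped. The banner "Protocol C Name Section - list of Protocol and Protocol Notify C Names" sits directly above [Depex] with no [Protocols] section after it; remove the banner or replace it with one that describes the dependency expression.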